NSA Still Has No Idea How Many Documents Snowden Took... But Insists We Can Trust Them Because They Audit Everything

from the there's-a-disconnect-there dept

In the ongoing saga over the NSA's snooping on just about everyone, the one message the NSA and its defenders keep going back to is this idea that we need to "trust" them. And they insist that the trust is fine because everything they do is carefully monitored and audited. In John Oliver's recent interview with former NSA boss, General Keith Alexander, Alexander insisted that this kind of tracking and auditing was fool-proof, claiming that it had caught the twelve people who had abused their authority to spy on specific individuals. Except that Alexander was flat out lying there. First of all, internal investigations have shown thousands of abuses, not just twelve. As for the twelve that Alexander is talking about, when we looked through the details, it became clear that only three of the twelve were caught because of audits. And many were only caught because the guilty party later confessed -- sometimes many years later.

In other words, all this talk of how we should "trust" the NSA because its audits are so good... don't pass the basic laugh test. Yes, twelve people were caught, but nine of them were caught because they confessed themselves or others turned them in. Your guess is as good as mine about how many others abused the system without getting caught at all. Alexander insists that number is zero, but he has no way to know that.

Meanwhile, every time the NSA talks about how wonderful its auditing system is, it seems worthwhile to remind them that Edward Snowden walked out the door with a bunch of documents and no one noticed. At all. As we've been pointing out for months, that should call into question just how good those "audits" are.

And, to make this point even clearer: nearly a year after Snowden walked out the door with all of those documents, the NSA still has no idea what he took. As Glenn Greenwald points out, Alexander is still saying the NSA has no idea how much Snowden took:

AFR: Can you now quantify the number of documents [Snowden] stole?

Gen. Alexander: Well, I don’t think anybody really knows what he actually took with him, because the way he did it, we don’t have an accurate way of counting. What we do have an accurate way of counting is what he touched, what he may have downloaded, and that was more than a million documents.

In fact, the NSA keeps changing its story on how many documents. Early on, Greenwald had suggested it was in the 60,000 to 70,000 range. Just a few days ago, Ewan MacAskill, the often-overlooked Guardian reporter who was with Greenwald and Laura Poitras when they first met Snowden, told a conference that Snowden had 60,000 documents. Yet, by November, the NSA was claiming it was over 200,000 documents. And in December it suddenly jumped to 1.5 million, and then days later, 1.7 million -- based on the assumption, as Alexander admits above, that Snowden took everything he "touched."

But just that very admission highlights that the auditing system the NSA keeps insisting we should trust is completely broken. As we've noted, if the NSA can't tell how its own systems are being used, then it has no idea how they're being abused. Even worse, the NSA has no idea if other people with powers similar to Snowden may have taken other documents and given them to those who actually mean to do us harm, rather than reporters looking to serve the public interest.

In admitting that the NSA has no way of knowing what Snowden did, Alexander is admitting that all this talk of the infallible audit system is all smoke and mirrors. And, because of that, the claims that we can trust the NSA not to abuse its systems are equally untrustworthy.

Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Michael, May 8th, 2014 @ 12:09pm

    I donít think anybody really knows what he actually took with him

    You could open a dialog with Snowden and, you know, ask - if you weren't still trying to drop him down a very deep hole for exposing your mess.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    Violynne (profile), May 8th, 2014 @ 12:13pm

    Well, the NSA has nothing to worry about. This Tuesday, Glenn Greenwald is planning on releasing more unpublished documents.

    If he keeps this up, the NSA will easily be able to tally what was taken and adjust their audit accordingly.

    Pulitzer Update:
    Glenn: 1
    NSA: -26

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    John Fenderson (profile), May 8th, 2014 @ 12:17pm

    Beyond trust

    The trust ship has long since sailed. Nothing that the NSA or its defenders say can be trusted, period. Unless they can prove their assertions, the only rational thing to do is to ignore their claims.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Anonymous Coward, May 8th, 2014 @ 12:19pm

    So far the only one we know for sure is lying, is the government and the NSA. I am yet to hear one thing that the Snowden releases have said to be proven not to be the facts.

    The record speaks for itself and if it weren't so troubling no one would be hearing anything from the NSA. The fact they are lying at all while making public announcements says they know they screwed up and cover up is called for.

    This is why the public and the world doesn't trust the NSA and why they have what they would like to call a perception problem with the public.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, May 8th, 2014 @ 12:21pm

    I wouldn't swerve to miss Alexander if he walked in front of my car, no matter how much the dozens of car washes it would take to get his stink off cost.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Michael, May 8th, 2014 @ 12:24pm

    Re:

    I think he rides around in a black helicoptor.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, May 8th, 2014 @ 12:25pm

    They audit everything so well, they had no idea for years that their employees were spying on their girlfriends.

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    That One Guy (profile), May 8th, 2014 @ 12:30pm

    Re: Beyond trust

    Actually it's still rather important to pay attention to what they're claiming, as, given they all seem to be pathological liars, if you read it correctly you can get a decent idea as to what they're actually doing, based upon what they say and how they say it.

    For example:

    Q: "Are you scooping up data from the american public?'
    A: "We are not. Not under this program."

    Or alternatively...

    A: "We are not. Not that I'm aware of, no."
    (If a low ranking grunt from the agency said something like this, it would be plausible. If a higher up in the agency says something like this though, the only 'plausible' is 'plausible deniability')

    Read between the lines and you get...

    Q: "Are you scooping up data from the american public?"
    A: "Absolutely."

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Michael, May 8th, 2014 @ 12:32pm

    Re:

    They aren't lying.

    They are protecting you from the truth.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    ChurchHatesTucker (profile), May 8th, 2014 @ 12:35pm

    Re:

    I suspect Snowden's reaction would be along the lines of "Don't you know? How lax is your own security?"

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, May 8th, 2014 @ 12:36pm

    It's hard to trust someone who spies on those who have nothing to do with terrorism. Just ask Angela Merkel.

    The counter argument to what I just said, is that she's the leader of a foreign country. Therefore spying on her relates to national security.

    Except, I thought Germany is a close friend and ally to the United States. Spying on friends isn't proper behavior, and suggests distrust by the NSA's behalf.

    If the NSA can't even trust their own allies and friends, then isn't it hypocritical for the NSA to be asking for trust in return?

    The simple fact is anything can be spun into a national security issue. Which means the NSA can spy on anyone. That's why I'll never trust them.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Michael, May 8th, 2014 @ 12:43pm

    Re: Re:

    So far, he has not responded like that to anything. While the NSA and US government have continued to act like petulant children, his responses have all been reasonable and seem to be thought out.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, May 8th, 2014 @ 12:44pm

    Where's the logs?

    Every server I know about keeps logs of all transactions it processes. What happened to the NSA server logs? Are they hiding them or did someone turn off the logging functions in the entire complex?

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, May 8th, 2014 @ 12:44pm

    Re:

    Sure somebody knows. Snowden knows. The journalists know. It's just they don't know.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    David, May 8th, 2014 @ 12:45pm

    So according to Alexander

    the typical outsourced contractor goon has access to at least 1.7†million highly sensitive classified documents without requiring approval on record. There are no automatic records, and we are talking about specialists in snooping.

    What could possibly go wrong?

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, May 8th, 2014 @ 12:46pm

    Re: Where's the logs?

    His job was as a system administrator. Maintaining the logs is part of his job.

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    John Fenderson (profile), May 8th, 2014 @ 12:47pm

    Re: Re: Beyond trust

    Yes, that's an excellent point. Perhaps I should revise my statement that the only rational thing to do with NSA statements is to take them as deceptive unless they can produce proof of their claims.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Michael, May 8th, 2014 @ 12:48pm

    Re:

    Spying on friends isn't proper behavior

    That's not really true in intelligence communities. There has always been an unwritten rule that countries (at least most of the western countries) don't get upset when intelligence agents are caught spying on each other.

     

    reply to this | link to this | view in thread ]

  19.  
    icon
    John Fenderson (profile), May 8th, 2014 @ 12:50pm

    Re:

    "I thought Germany is a close friend and ally to the United States"

    The US is not the friend of any nation. I forget who said it, but a heavyweight in government once said this outright -- the US has temporary alliances, not friends, because the interests of the US may shift as time goes by.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous Coward, May 8th, 2014 @ 12:59pm

    NSA knows that records can leak, so they have an audit system designed to avoid leaks, it produces no records.

     

    reply to this | link to this | view in thread ]

  21.  
    icon
    John Fenderson (profile), May 8th, 2014 @ 1:00pm

    Re: Re: Where's the logs?

    Not all the logs. Logs that may be used for investigating security breaches should be replicated on a different server that is not accessible to anyone but a specially designated investigator. If the NSA failed to do this, then that just makes their failure even worse.

    Also, being a system administrator should not give you access to unencrypted sensitive data in any company, and especially not a spy agency. The security failure on that count is absolutely mind boggling.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Anonymous Coward, May 8th, 2014 @ 1:00pm

    Re: Where's the logs?

    Allow me to introduce you to Microsoft SharePoint...

     

    reply to this | link to this | view in thread ]

  23.  
    icon
    Chronno S. Trigger (profile), May 8th, 2014 @ 1:19pm

    Re: Where's the logs?

    Those exact logs are what Alexander is referencing. The logs kept track of every single transaction Snowden made. Each and every file that Snowden opened was logged. However, the system is missing any information on the difference between opened and copied. If you're just looking at transactions, copied and opened look exactly the same; the file's bits are being transferred to another computer.

    That's why Alexander is saying he could have taking over a million. Snowden touched lots of files, but they have no way to tell which ones were copied and which ones were only opened. Granted, them changing the numbers suggests that they don't even have those logs. They probably don't have much of anything.

    These people cannot be trusted to do the job their suppose to do, let alone spy on each and every person they can.

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Anonymous Coward, May 8th, 2014 @ 1:30pm

    Re: Re: Re: Where's the logs?

    Logs like that only exist if your agency can be investigated. They have all the blackmail material and therefor never get investigated and thus have no need for silly little evidence trails.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Anonymous Coward, May 8th, 2014 @ 1:41pm

    Re: Re:

    "The US is not the friend of any nation."

    Even their own.

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    Anonymous Coward, May 9th, 2014 @ 1:20am

    Re: Re:

    Well yeah, how else can they exploit the fucked up loophole known as intelligence sharing? You violate the rights of our citizens we violate the rights of yours without technically overstepping our bounds.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Advertisement
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
Advertisement
Recent Stories
Advertisement
Support Techdirt - Get Great Stuff!

Close

Email This

This feature is only available to registered users. Register or sign in to use it.